Android Security and Penetration Testing Resources

The document provides an extensive overview of resources for Android security and penetration testing, including static and dynamic analysis tools, online APK analyzers, practice labs, courses, and books. It lists various tools for analyzing Android applications, both before and during execution, to identify vulnerabilities and security flaws. Additionally, it emphasizes the importance of these resources for enhancing Android application security and testing methodologies.

Uploaded by

yesowar852

Android Security and Penetration Testing Resources


Static Analysis Tools
Static analysis of an Android APK involves examining the
application’s code and resources without executing it.
This process helps identify vulnerabilities, security flaws,
and coding errors by analyzing the APK's structure, code,
and manifest files. Tools are commonly used to dissect
the app's bytecode, inspect the app's permissions, and
review potential security risks. Static analysis is crucial
for understanding how an application works internally,
ensuring code quality, and detecting potential threats
before the app is deployed or executed.

Amandroid – A Static Analysis Framework
Androwarn – Yet Another Static Code Analyzer
APK Analyzer – Static and Virtual Analysis Tool
APK Inspector – A Powerful GUI Tool
Droid Hunter – Android application vulnerability analysis and Android pentest tool
Error Prone – Static Analysis Tool
Findbugs – Find Bugs in Java Programs
Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.
Flow Droid – Static Data Flow Tracker

Bhaskar Soni
Smali/Baksmali – Assembler/Disassembler for the dex format
Smali-CFGs – Smali Control Flow Graphs
SPARTA – Static Program Analysis for Reliable Trusted Apps
Thresher – To check heap reachability properties
Vector Attack Scanner – To search vulnerable points to attack
Gradle Static Analysis Plugin
Checkstyle – A tool for checking Java source code
PMD – An extensible multi-language static code analyzer
Soot – A Java Optimization Framework
Android Quality Starter
QARK – Quick Android Review Kit
Infer – A Static Analysis tool for Java, C, C++ and Objective-C
Android Check – Static Code analysis plugin for Android Project
FindBugs-IDEA – Static byte code analysis to look for bugs in Java code
APK Leaks – Scanning APK file for URIs, endpoints & secrets

Dynamic Analysis Tools
Dynamic analysis of an Android APK involves examining
the app while it is running to observe its behavior in real-
time. This type of analysis helps identify runtime
vulnerabilities, security flaws, and malicious activities
that may not be visible during static analysis. By
executing the app in a controlled environment or emulator,
analysts can monitor network traffic, API calls, system
interactions, and file system changes. Dynamic analysis is
essential for testing an app's security defenses, such as
encryption, anti-debugging techniques, and root
detection, and to detect malware behavior that only
manifests during execution.

Adhrit - Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks
Android Hooker - Open-source project for dynamic analyses of Android applications
AppAudit - Online tool (including an API) that uses dynamic and static analysis
AppAudit - A bare-metal analysis tool on Android devices

DroidBox - Dynamic analysis of Android applications
Droid-FF - Android File Fuzzing Framework
Drozer
Marvin - Analyzes Android applications and allows tracking of an app
Inspeckage
PATDroid - Collection of tools and data structures for analyzing Android applications
AndroL4b - Android security virtual machine based on ubuntu-mate
Radare2 - Unix-like reverse engineering framework and command-line tools
Cutter - Free and Open Source RE Platform powered by radare2
ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
Mobile-Security-Framework MobSF
CobraDroid - Custom build of the Android operating system geared specifically for application security
Magisk v20.2 - Root & Universal Systemless Interface
MOBEXLER - A Mobile Application Penetration Testing Platform

Android Online APK Analyzers

Oversecured
Android Observatory APK Scan
Android APK Decompiler
AndroTotal
NVISO ApkScan
VirusTotal
Scan Your APK
AVC Undroid
OPSWAT
ImmuniWeb Mobile App Scanner
Ostor Lab
Quixxi
TraceDroid
Visual Threat
App Critique

Android Practice Labs
OVAA (Oversecured Vulnerable Android App)
DIVA (Damn insecure and vulnerable App)
SecurityShepherd
Damn Vulnerable Hybrid Mobile App (DVHMA)
OWASP-mstg
VulnerableAndroidAppOracle
Android InsecureBankv2
Purposefully Insecure and Vulnerable Android Application (PIIVA)
Sieve app
DodoVulnerableBank
Digitalbank
OWASP GoatDroid
AppKnox Vulnerable Application
Vulnerable Android Application
MoshZuk
Hackme Bank
Android Security Labs
Android-InsecureBankv2
Android-security
VulnDroid
FridaLab
Santoku Linux - Mobile Security VM
Vuldroid
Android Courses

Learning-Android-Security
Mobile Application Security and Penetration Testing
Advanced Android Development
Learn the art of mobile app development
Learning Android Malware Analysis
Android App Reverse Engineering 101
Android Pentesting for Beginners

Android Books

SEI CERT Android Secure Coding Standard
Android Security Internals
Android Cookbook
Android Hacker's Handbook
Android Security Cookbook
The Mobile Application Hacker's Handbook
Android Malware and Analysis
Android Security: Attacks and Defenses

Bhaskar Soni
@SoniBhaskar

Enjoy Learning!
Thank You ☺
